Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 303

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in the database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    // postid of the question this list item represents
    $postidz = $q_item['raw']['postid'];

    // read the stored extra-field value straight from the postmetas table
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // raw database value written into the page without escaping (the unsafe path described above)
    $this->output('My info:'.$extra);
}

Here's the result:

[screenshot: test]

I hope you'll get my point.
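The hardened counterpart of the snippet above, as an added example that is not part of the original answer or of Q2A's own code. It assumes Q2A's qa_html() escaping helper (with a local htmlspecialchars() fallback so the file also runs outside Q2A) and a constructed sample value standing in for the stored postmetas row:

```php
<?php
// Added example (not the poster's or Q2A's code): the same database value,
// escaped at the point of output instead of concatenated into the HTML raw.

// Q2A provides qa_html() inside the application; this fallback, an assumption
// for stand-alone runs, mirrors its behaviour with htmlspecialchars().
if (!function_exists('qa_html')) {
    function qa_html($string, $multiline = false)
    {
        $html = htmlspecialchars((string) $string, ENT_QUOTES, 'UTF-8');
        return $multiline ? nl2br($html) : $html;
    }
}

// Constructed sample of what the "qa_q_extra" postmetas row can hold once a
// user has typed markup into the extra field (the stored-script case above).
const SAMPLE_EXTRA = 'Location: Paris <script>alert(1)</script>';

// Unsafe: the raw database content becomes part of the page markup, so any
// tag stored in the field is interpreted by the browser.
function render_extra_unsafe($extra)
{
    return 'My info:' . $extra;
}

// Safe: escape the value at output time, as the default q_view_extra() path
// does; the stored tags are rendered as visible text, not executed.
function render_extra_safe($extra)
{
    return 'My info:' . qa_html($extra);
}

// Inside a Q2A theme class the fix is the same one-line change:
//   $this->output('My info:' . qa_html($extra));

echo render_extra_unsafe(SAMPLE_EXTRA), PHP_EOL;
echo render_extra_safe(SAMPLE_EXTRA), PHP_EOL;
```

Run with `php` to compare the two lines: only the escaped one is safe to place in a page, and the escaping belongs at the output step, not when the value is saved, because the postmetas table legitimately stores whatever the user typed.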
